Cross Border Transfer Mechanisms: Codes of Conduct

Codes of Conduct are another mechanism that can be used to transfer personal data out of the EU to an area that is deemed not to have an adequate level of protection. In this article, I will explain how they are created, complied with and enforced.

(1) Who is responsible for drawing up codes of conduct
(a) Governments and regulators can encourage the drawing up of codes of conduct.
(b) Codes of conduct may be created by trade associations or representative bodies.
(c) Codes should be prepared in consultation with relevant stakeholders, including individuals (Recital 99).
(d) Codes must be approved by the relevant supervisory authority and, where the processing is cross-border, the European Data Protection Board (the EDPB).
(e) Existing codes can be amended or extended to comply with the requirements under the GDPR.

(2) Codes of conduct may cover topics such as:
(a) fair and transparent processing;
(i) Processing means any operation or set of operations that

Cross Border Transfer Mechanisms: Binding Corporate Rules

Outside of consent and contract, there are a number of mechanisms that a company can use to transfer (cross border) personal data from the EU to outside of the EU. One of those mechanisms is Binding Corporate Rules (BCRs). BCRs were developed by the Art. 29 Data Protection Working Party as a transfer mechanism that permits multinational groups to create a contractual instrument that corresponds to their specific data processing needs.

Application
(a) Must be uniform throughout the organization.
(b) Must be enforceable by the data subject.
(c) Must indicate clear cooperation with the DPA (Data Protection Authority).
(d) Multinational companies must seek the approval of each DPA located in the country where the data is transferred from.

Pros
BCRs allow data transfers to entities located in third countries, irrespective of whether the country can provide for an adequate level of data protection or not.

Cons
BCRs do not apply to transfers to external sub-processors (outsi

Data Mapping Template

Data mapping does not have to be limited to GDPR compliance. It is a good idea for any business that stores data to map out the data it possesses and what it is used for. In doing this, the business can determine which data is necessary. For example, a business can effectively save money by deleting old, outdated and unnecessary data. Below you will find a sample data mapping intake form. A more complex form may contain the types of data being stored (phone numbers, email, SSN, payment information), the data source, and/or the custodians and/or stewards of the data. You can tailor your mapping intake form to your specific needs.